Category: Security & Privacy

  • Website at Risk

    WHO SAID ARTIFICIAL INTELLIGENCE DOESN'T WORK, I ASKED?

  • Behavioral advertising efficiency

    Researchers from U Minnesota, UC Irvine and CMU took a look into “behavioural based advertisement”, a segment that requires heavy tracking of users across websites through cookies. A report of their findings is here: Online Tracking and Publishers’ Revenues: An Empirical Analysis. Money quote:

    Empirical analysis of behavioral advertising finds that surveillance makes ads only 4% more profitable for media companies

    They found that despite the 40% “ad-tech” premium charged by behavioral ad companies, the ads only added about 4% to the media companies that published them, meaning that behavioral advertising is a losing proposition.

    Source: Boing Boing

  • notepad.exe

    Until recently, notepad.exe was considered safe from a security standpoint, mostly for its lack of features and therefore lack of attack surface. That held until Tavis Ormandy, a vulnerability researcher at Google, took a closer look and popped a shell from notepad.exe.

    Awesome.

  • Google stored G Suite passwords in plaintext

    In today’s edition of privacy-related topics, it is Google that apparently stored customer passwords in plaintext. Google didn’t disclose which (enterprise) customers have been affected, but was clear that improper access is out of the question. With this recent incident, Google joins the ranks of Facebook, Instagram, Twitter and LinkedIn.

    Google says it discovered a bug that caused some of its enterprise G Suite customers to have their passwords stored in an unhashed form for about 14 years.

    Source: Google stored some G Suite passwords in plaintext for 14 years

  • Instagram had private contact data scraped

    Another week, another Facebook leak. This time an Instagram dataset with apparently scraped profile information was found online.

    A massive database containing contact information of millions of Instagram influencers, celebrities and brand accounts has been found online. The database, hosted by Amazon Web Services, was left exposed and without a password allowing anyone to look inside. At the time of writing, the database had over 49 million records — but was growing by […]

    Source: Millions of Instagram influencers had their private contact data scraped and exposed | TechCrunch

  • Finding Hidden Cameras in Your Airbnb Apartment

    Normally I prefer to leave political events uncommented, and I don't want to make politics the subject of this blog either. But the Austrian press is covering the case so nicely that I want to link to this pointer here. It does have to do with security and privacy, if you want to see it that way. Because the incident is not even mentioned in the text, a friendly greeting to the picture desk of Der Standard is in order here as well.

    HC Strache on holiday in Ibiza
    Airbnb apartment

    Anyone who wants to be on the safe side and not be surveilled while on holiday should follow a few simple ground rules.

    Source: So finden Sie versteckte Kameras in Ihrem Airbnb-Appartement – Netzpolitik – derStandard.at › Web

  • Salesforce outage.

    It appears Salesforce shut down its services on May 17th 2019. The reason was a faulty configuration of scripting options that allowed users to access all of their company’s Salesforce data. To prevent worse, Salesforce shut down.

    Salesforce said the script only impacted customers of Salesforce Pardot – a business-to-business (B2B) marketing-focused CRM.

    However, out of an abundance of caution, the company decided to take down all other Salesforce services, for both current and former Pardot customers.

    Source: Faulty database script brings Salesforce to its knees | ZDNet

  • GCP can run untrusted workloads

    Google’s Kubernetes Engine (GKE) now supports node pools that are wrapped in gVisor to allow running untrusted workloads. The idea behind gVisor is to emulate all system calls in user space and provide a sandbox to processes that cannot be trusted. GKE now allows enabling this with a configuration option.

    GKE on GCP

    New GKE Sandbox brings added security to your containers running in Google Kubernetes Engine clusters.

    Source: GKE Sandbox: Bring defense in depth to your pods | Google Cloud Blog

  • Security Updates

    Meanwhile, on Patch Tuesday. Solid advice.

  • Phones Open to Attack through WhatsApp Flaw

    Meanwhile, another flaw from the Facebook universe. While it appears not to be immediately related to data leakage, it gives great potential to third parties. On the upside, nobody will attribute it to Facebook this time.

    It’s a good opportunity to point out and recommend the alternatives to WhatsApp, in particular Signal and Threema.

    A WhatsApp vulnerability left Android and iOS devices open to attack from sophisticated surveillance software. The Facebook-owned company said it hasn’t yet been able to determine how many people were impacted, and told users to ensure they’re running the latest version of the app.

    Source: WhatsApp Flaw Left Phones Open to Attack From Sophisticated Spyware | Digital Trends